Agent Transparency Card¶

An Agent Transparency Card documents an autonomous or semi-autonomous agent's identity, declared capabilities, backend data access, decision logic, limitations, and governance in a single human-readable artifact. It complements the machine-readable agent-card.json that A2A and MCP transports expose, and aligns with the transparency dimensions tracked by the Stanford Foundation Model Transparency Index (FMTI). Produce this artifact during the Critique phase whenever an agent is deployed, updated, or federated across project boundaries.

Template¶

Section 1: Agent Identity¶

Instructions: Name the agent, version, protocol, transport, and owning team. Link to the machine-readable agent card endpoint. Record an EU AI Act risk tier — see src/fcc/data/compliance/.

Field	Value
Agent name	`[FILL]`
Version	`[FILL]`
Protocol / transport / port	`[FILL — e.g. A2A v0.3.0 / HTTP / 8200]`
Agent-card URL	`[FILL]`
Owner / team	`[FILL]`
EU AI Act risk tier	`[Unacceptable / High / Limited / Minimal]`
Summary (1-2 sentences)	`[FILL]`

Section 2: Capabilities¶

Instructions: Enumerate skills with input / output schemas, backend systems accessed (with read / write / read-write scope), and any LLM provider dependency. Declared capabilities are the contract consumers rely on.

Skills table: [FILL]
Backend systems accessed: [FILL]
LLM providers (if any): [FILL]

Section 3: Data Access & Sensitivity¶

Instructions: For every data source read or modified, record sensitivity class, PII presence, volume, and reversibility. Retention beyond the request lifecycle must be explicit.

Data read: [FILL]
Data written / modified: [FILL]
Data retained beyond request: [Yes / No — period / deletion method]

Section 4: Decision-Making Logic & Limitations¶

Instructions: Describe how the agent decides which skill to invoke, its error-handling model, and its concurrency posture. Then list known failure modes, out-of-scope requests, and performance constraints — silence on limitations is a governance violation.

Skill dispatch logic: [FILL]
Error handling (codes, statuses): [FILL]
Concurrency model: [FILL]
Known failure modes: [FILL]
Out-of-scope requests: [FILL]

Section 5: Training-Data Summary¶

Instructions: Summarise the training data of any LLM or ML component the agent depends on. For closed models, reference the provider's public statement; for fine-tuned components, link to the Dataset Card (OPEN-SCI-004b).

LLM training-data posture: [FILL]
Fine-tuning data: [FILL — link to OPEN-SCI-004b]
Known training-data biases: [FILL]

Section 6: Security & Governance¶

Instructions: Declare authentication, authorisation, input validation, rate limiting, TLS posture, audit-log location, incident reporting channel, and the next FCC Critique review date. Complete a self-scored FMTI-style transparency score for the record.

Security posture: [FILL]
Audit log / incident reporting: [FILL]
Review cycle + next FCC Critique: [FILL]
FMTI transparency self-score (0-18): [FILL]

Adoption Checklist¶

All required sections completed
Artifact peer-reviewed by at least one R.I.S.C.E.A.R. peer
Stored in the project's designated docs location
Linked from README or equivalent index
Versioned + date-stamped alongside each agent release

References¶

PHOENIX v4.0.0 — docs/resources/templates/open-science/agent-card-template.md
Bommasani, R. et al. (2025) — Foundation Model Transparency Index, Stanford CRFM (December 2025)
AI System Cards (2025) — arXiv:2509.20394
EU AI Act AI Cards — Commission guidance (2024)
A2A Protocol Specification v0.3.0 — Agent Card schema

FCC integration¶

This template is referenced from the Forensic Auditor persona (src/fcc/data/personas/forensic_auditor.yaml) as part of the Critique-phase evidence set. The auditor uses the Agent Transparency Card to verify risk-tier classifications against src/fcc/data/compliance/eu_ai_act_requirements.yaml and to confirm the declared capabilities match the machine-readable agent-card.json exposed by the A2A or MCP bridge under src/fcc/protocols/. See also src/fcc/data/governance/open_science_gates.yaml.